Package org.wildfly.security.sasl.util

Class SaslMechanismInformation

    • Field Detail

      • MD5_MECHS

        private static final Set<String> MD5_MECHS

      • SHA_MECHS

        private static final Set<String> SHA_MECHS

      • SHA_256_MECHS

        private static final Set<String> SHA_256_MECHS

      • SHA_384_MECHS

        private static final Set<String> SHA_384_MECHS

      • SHA_512_MECHS

        private static final Set<String> SHA_512_MECHS

      • SHA_512_256_MECHS

        private static final Set<String> SHA_512_256_MECHS

      • MUTUAL_MECHS

        private static final Set<String> MUTUAL_MECHS

      • RECOMMENDED_MECHS

        private static final Set<String> RECOMMENDED_MECHS

      • HASH_MD5

        public static final Predicate<String> HASH_MD5
        A predicate which is true when the mechanism uses MD5.

      • HASH_SHA

        public static final Predicate<String> HASH_SHA
        A predicate which is true when the mechanism uses SHA.

      • HASH_SHA_256

        public static final Predicate<String> HASH_SHA_256
        A predicate which is true when the mechanism uses SHA-256.

      • HASH_SHA_384

        public static final Predicate<String> HASH_SHA_384
        A predicate which is true when the mechanism uses SHA-384.

      • HASH_SHA_512

        public static final Predicate<String> HASH_SHA_512
        A predicate which is true when the mechanism uses SHA-512.

      • HASH_SHA_512_256

        public static final Predicate<String> HASH_SHA_512_256
        A predicate which is true when the mechanism uses SHA-512/256.

      • GS2

        public static final Predicate<String> GS2
        A predicate which is true when a GS2-family mechanism is being used.

      • SCRAM

        public static final Predicate<String> SCRAM
        A predicate which is true when a SCRAM-family mechanism is being used.

      • DIGEST

        public static final Predicate<String> DIGEST
        A predicate which is true when a DIGEST-family mechanism is being used.

      • IEC_ISO_9798

        public static final Predicate<String> IEC_ISO_9798
        A predicate which is true when a IEC/ISO-9798-family mechanism is being used.

      • EAP

        public static final Predicate<String> EAP
        A predicate which is true when an EAP-family mechanism is being used.

      • MUTUAL

        public static final Predicate<String> MUTUAL
        A predicate which is true when the mechanism supports mutual authentication.

      • BINDING

        public static final Predicate<String> BINDING
        A predicate which is true when a mechanism which uses channel binding is being used.

      • RECOMMENDED

        public static final Predicate<String> RECOMMENDED
        A predicate which is true when the name being tested is a recommended mechanism as of the time of this release.

      • ONE_WAY_AND_TWO_WAY

        static final Set<Class<? extends Password>> ONE_WAY_AND_TWO_WAY

      • DIGEST_AND_TWO_WAY

        static final Set<Class<? extends Password>> DIGEST_AND_TWO_WAY

      • SCRAM_AND_TWO_WAY

        static final Set<Class<? extends Password>> SCRAM_AND_TWO_WAY

      • X_509_PUBLIC_OR_PRIVATE

        static final Set<Class<? extends Credential>> X_509_PUBLIC_OR_PRIVATE

      • JUST_PASSWORD_EVIDENCE

        static final Set<Class<? extends Evidence>> JUST_PASSWORD_EVIDENCE

      • JUST_BEARER_TOKEN_EVIDENCE

        static final Set<Class<? extends Evidence>> JUST_BEARER_TOKEN_EVIDENCE

      • DIGEST_MD5_AND_PLAIN

        static final Set<String> DIGEST_MD5_AND_PLAIN

      • DIGEST_SHA_AND_PLAIN

        static final Set<String> DIGEST_SHA_AND_PLAIN

      • DIGEST_SHA_256_AND_PLAIN

        static final Set<String> DIGEST_SHA_256_AND_PLAIN

      • DIGEST_SHA_384_AND_PLAIN

        static final Set<String> DIGEST_SHA_384_AND_PLAIN

      • DIGEST_SHA_512_AND_PLAIN

        static final Set<String> DIGEST_SHA_512_AND_PLAIN

      • DIGEST_SHA_512_256_AND_PLAIN

        static final Set<String> DIGEST_SHA_512_256_AND_PLAIN

      • SCRAM_SHA_1_AND_PLAIN

        static final Set<String> SCRAM_SHA_1_AND_PLAIN

      • SCRAM_SHA_256_AND_PLAIN

        static final Set<String> SCRAM_SHA_256_AND_PLAIN

      • SCRAM_SHA_384_AND_PLAIN

        static final Set<String> SCRAM_SHA_384_AND_PLAIN

      • SCRAM_SHA_512_AND_PLAIN

        static final Set<String> SCRAM_SHA_512_AND_PLAIN

      • OTP_ALGORITHMS

        static final Set<String> OTP_ALGORITHMS

      • JUST_PLAIN

        static final Set<String> JUST_PLAIN

      • JUST_DSA

        static final Set<String> JUST_DSA

      • JUST_RSA

        static final Set<String> JUST_RSA

      • ALL_ALGORITHMS

        static final Set<String> ALL_ALGORITHMS

    • Constructor Detail

      • SaslMechanismInformation

        public SaslMechanismInformation()

    • Method Detail

      • getSupportedClientCredentialTypes

        public static Set<Class<? extends Credential>> getSupportedClientCredentialTypes​(String mechName)
        Get the supported credential types for the given SASL client mechanism. If an empty set is returned, then no credentials are used by the mechanism or the mechanism is not known.
        Parameters:
        mechName - the mechanism name
        Returns:
        the set of allowed client credentials

      • getSupportedClientPasswordTypes

        public static Set<Class<? extends Password>> getSupportedClientPasswordTypes​(String mechName)
        Get the supported password types for the given SASL client mechanism. If an empty set is returned, then no passwords are used by the mechanism or nothing is known about the mechanism.
        Parameters:
        mechName - the mechanism name
        Returns:
        the set of allowed client password types

      • getSupportedServerCredentialTypes

        public static Set<Class<? extends Credential>> getSupportedServerCredentialTypes​(String mechName)
        Get the supported credential types for the given SASL server mechanism. If an empty set is returned, then no credentials are used by the mechanism or the mechanism is unknown.
        Parameters:
        mechName - the mechanism name
        Returns:
        the set of allowed server credential types

      • getSupportedServerPasswordTypes

        public static Set<Class<? extends Password>> getSupportedServerPasswordTypes​(String mechName)
        Get the supported password types for the given SASL server mechanism. If an empty set is returned, then no passwords are used by the mechanism or nothing is known about the mechanism
        Parameters:
        mechName - the mechanism name
        Returns:
        the set of allowed server password types

      • getSupportedClientCredentialAlgorithms

        public static Set<String> getSupportedClientCredentialAlgorithms​(String mechName,
                                                                 Class<? extends Credential> credentialType)
        Get the supported algorithm names for a SASL client mechanism and credential type. If the mechanism or credential type is not recognized, or if the given credential type does not use algorithms for the given mechanism name, an empty set is returned. If all algorithms are supported, a set containing the special string "*" is returned.
        Parameters:
        mechName - the SASL mechanism name
        credentialType - the proposed credential type
        Returns:
        the set of algorithms, or an empty set if all algorithms have unknown support

      • getSupportedServerCredentialAlgorithms

        public static Set<String> getSupportedServerCredentialAlgorithms​(String mechName,
                                                                 Class<? extends Credential> credentialType)
        Get the supported algorithm names for a SASL server mechanism and credential type. If the mechanism or credential type is not recognized, or if the given credential type does not use algorithms for the given mechanism name, an empty set is returned. If all algorithms are supported, a set containing the special string "*" is returned.
        Parameters:
        mechName - the SASL mechanism name
        credentialType - the proposed credential type
        Returns:
        the set of algorithms, or an empty set if all algorithms have equal or unknown support

      • getSupportedServerEvidenceTypes

        public static Set<Class<? extends Evidence>> getSupportedServerEvidenceTypes​(String mechName)
        Get the supported evidence types for the given SASL server mechanism. If an empty set is returned, then no evidence is used by the mechanism.
        Parameters:
        mechName - the mechanism name
        Returns:
        the set of allowed server credential types

      • getSupportedServerEvidenceAlgorithms

        public static Set<String> getSupportedServerEvidenceAlgorithms​(String mechName,
                                                               Class<? extends AlgorithmEvidence> evidenceType)
        Get the supported algorithm names for a SASL server mechanism and evidence type. If the mechanism or evidence type is not recognized, or if the given evidence type does not have an algorithm restriction for the given mechanism name, an empty set is returned.
        Parameters:
        mechName - the SASL mechanism name
        evidenceType - the proposed evidence type
        Returns:
        the set of algorithms, or an empty set if all algorithms have equal or unknown support

      • needsServerCredentials

        public static boolean needsServerCredentials​(String mechName)
        Determine whether a mechanism needs server-side credentials in order to authenticate. This may include credential verification or acquisition, or both.
        Parameters:
        mechName - the mechanism name
        Returns:
        true if the mechanism uses credentials, false otherwise

      • doesNotUsePrincipal

        public static boolean doesNotUsePrincipal​(String mechName)
        Determine whether the given mechanism name is known to not use any sort of Principal for authentication.
        Parameters:
        mechName - the mechanism name (must not be null)
        Returns:
        true if the mechanism does not use a principal, false if it does or it is not known

      • doesNotRequireClientCredentials

        public static boolean doesNotRequireClientCredentials​(String mechName)
        Determine whether a mechanism does not need the client to present credentials.
        Parameters:
        mechName - the mechanism name
        Returns:
        true if the mechanism does not require client credentials, false if it it does or it is not known